Legal issues relating to personal data processing

The collection and processing of personal data, i.e., the information concerning identified or identifiable individuals, is subject to increasing statutory and legislative supervision.

This regulation applies at the very heart of business activities. For example, the management both of client and marketing databases and of personnel files involves the collection and processing of personal data. Whereas the first requires the creation of files for day-to-day operations such as orders and deliveries, invoicing or commercial promotions, the second will involve compiling files for the administrative management of people, organization of work, management of careers and mobility and personnel recruitment and training. These files must comply with the statutory protection afforded to the privacy of the individuals in question.

Furthermore, the growing internationalization of corporate activity and of even the company itself, results in the multiplication of transfers of data abroad which are also regulated.

The first regulations for the protection of personal data appeared in France in 1978 and served as a benchmark for other countries. That is how Directive 95/46/CE “on the protection of individuals with regard to the processing of personal data and on the free movement of such data”, which was inspired by the French “Information Processing and Liberties” law, came to harmonize the regime for protecting personal data not only in the European Union but also in countries applying to join the EU, which must comply with EU law before becoming members. As a result, the United Kingdom, France, Poland, the Czech Republic and Slovakia – Member States of the European Union – and also Turkey and Romania – applicants for membership – implement legislation which is roughly equivalent both in terms of concepts and their implementation.

Although the movement to protect personal data is fast expanding and the European Union’s policy on international data transfers requires non-Member States to raise their standards of protection before personal data can be transferred to them from the EU, it is nevertheless the case that some states are still at the early stages in this area. At present, Kazakhstan has a policy of privacy regulation by sector. China does not yet have a specific law but a draft bill is in the course of being drawn up.

In this letter we aim to give an overview of the legislations in force in various countries and to shed light on the main questions for any person collecting and/or processing personal data.